- Plesk for Linux
CVE-2020-13249 vulnerability is found in MariaDB Connector/C
MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server.
Note: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
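The "before 3.1.8" boundary can be checked against a package version string. The following shell functions are an added example, not part of the original advisory and not Plesk or MariaDB code; the function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Plesk or MariaDB code): classify a MariaDB Connector/C
# package version against the fixed release named in the advisory.
FIXED_VERSION="3.1.8"   # from the advisory: "before 3.1.8" is affected

# Reduce a package version to its upstream part: drop an epoch ("1:") and any
# packaging suffix ("-1.el8", "+dfsg", "~rc1").
upstream_version() {
    local v="${1#*:}"
    printf '%s\n' "${v%%[-+~]*}"
}

# Succeed when dotted version $1 is lower than $2. Fields are compared as
# numbers, so 3.1.10 sorts after 3.1.8; missing fields count as 0.
version_lt() {
    local a="$1" b="$2" x y
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1    # equal versions are not "lower"
}

# Print "vulnerable", "fixed" or "unknown" for one version string.
# "vulnerable" on a distribution package still has to be checked against the
# OS vendor's advisory, since vendors may backport a fix without changing
# the upstream version number.
classify_connector() {
    local up
    up=$(upstream_version "$1")
    case $up in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_lt "$up" "$FIXED_VERSION"; then echo vulnerable; else echo fixed; fi
}

# Constructed sample version strings, not taken from any real system.
for v in 3.1.7 3.1.8-1.el8 1:3.0.10-2 3.1.10 unknown-build; do
    printf '%-14s %s\n' "$v" "$(classify_connector "$v")"
done
```

The functions apply to Connector/C version strings only; a MariaDB Server package that bundles the connector carries the server's own version number, which this comparison does not interpret.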
Call to Action
plesk-libmariadbclient package) which is affected by the issue. This library is intended to be used only by the Plesk backend in specific internal communication with the local database. A potential attacker has no access to this internal communication, so the issue is not exploitable in this case.
However, Plesk will update the package to the latest one with the regular update procedure.
Additionally, a separate MariaDB Connector/C can be installed from OS vendor repositories and can be used in the system. MariaDB Connector/C can be included in the MariaDB Server package. In this case the system can be vulnerable even without Plesk being installed on the server. So it is strongly recommended to keep your system up to date and follow the recommendations from the OS vendor regarding the CVE: